Training Division
Engineering Department
• HotSpot is used for authentication in local
• Authentication is based on HTTP/HTTPS protocol meaning it can work with any Internet
• HotSpot is a system combining together various independent features of RouterOS to provide the so called ‘Plug-and-Play’ access
Hotspot Scheme
• User tries to open a web page
• Router checks if the user is already authenticated in the HotSpot system
• If not, user is redirected to the HotSpot login page
• User specifies the login information
• If the login information is correct, then the router
− authenticates the client in the Hotspot system;
− opens the requested web page;
− opens a status pop-up window
• The user can access the network through the HotSpot gateway
HotSpot Features
• User authentication
• User accounting by time, data
• Data limitation
− by data rate
− by amount
• Usage restrictions by time
• RADIUS support
• Walled garden
Router Configuration via Winbox
Create Wlan for Hotspot
Create Hotspot
Add IP address for Hotspot gateway
Create IP address Hotspot
DHCP Server setup
DNS setup
Hotspot Complete Setup
HotSpot Server Setup
• Automatically creates configuration entries in
− /ip hotspot
− /ip hotspot profile
− /ip hotspot users
− /ip pool
− /ip dhcp-server
− /ip dhcp-server networks
− /ip firewall nat (dynamic rules)
Hotspot Profile
Uses Radius
HotSpot Authentication
• HTTP PAP - simplest method, which shows the HotSpot login page and expects to get the user credentials in plain text (maximum compatibility
• HTTP CHAP - standard method, which includes CHAP computing for the string which will be sent to the HotSpot gateway.
• HTTPS – plain text authentication using SSL protocol to protect the session
• HTTP cookie - after each successful login, a cookie is sent to the web browser and the same cookie is added to active HTTP cookie list. This method may only be used together with HTTP
• MAC address - authenticates clients as soon as they appear in the hosts list, using client's MAC address as user name
• Trial - does not require authentication for a certain amount of time
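Added example (not part of the original slides): what the login form carries under HTTP PAP versus HTTP CHAP, with both the client and the gateway side. It assumes the RFC 1994 CHAP-MD5 construction, MD5(id || password || challenge); that construction, the form field names and the sample credentials are assumptions for illustration and are not stated on the slides.

```python
import hashlib
import hmac
import os

def new_challenge():
    """Gateway: issue a fresh 1-byte CHAP id and 16-byte challenge per login page."""
    return os.urandom(1), os.urandom(16)

def chap_response(chap_id, password, challenge):
    """Client: RFC 1994 CHAP-MD5 response, hex-encoded (construction assumed)."""
    return hashlib.md5(chap_id + password.encode() + challenge).hexdigest()

def pap_form(username, password):
    """HTTP PAP: the form field carries the password itself."""
    return {"username": username, "password": password}

def chap_form(username, password, chap_id, challenge):
    """HTTP CHAP: the form field carries only the one-time response."""
    return {"username": username,
            "password": chap_response(chap_id, password, challenge)}

def gateway_verify(form, stored_password, chap_id, challenge):
    """Gateway: recompute from the stored password and compare in constant time.
    CHAP requires the gateway to hold the password in recoverable form."""
    expected = chap_response(chap_id, stored_password, challenge)
    return hmac.compare_digest(expected, form["password"])

if __name__ == "__main__":
    user, secret = "guest01", "s3cret-voucher"    # constructed sample credentials
    cid, chal = new_challenge()
    print("PAP  form:", pap_form(user, secret))    # password is in the request body
    form = chap_form(user, secret, cid, chal)
    print("CHAP form:", form)                      # only the response is sent
    print("accepted:", gateway_verify(form, secret, cid, chal))
    cid2, chal2 = new_challenge()                  # next login page, new challenge
    print("old response, new challenge:", gateway_verify(form, secret, cid2, chal2))
```

CHAP over plain HTTP keeps the password out of the request but does not encrypt the login page or the traffic that follows; of the methods listed, only HTTPS protects the session itself.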
Configure User
HotSpot User Profiles
HotSpot IP Bindings
• Set up static NAT translations based on either
− the original IP address (or IP network),
− the original MAC address.
• Allow some addresses to bypass HotSpot authentication. Useful for providing IP telephony or server services.
• Completely block some addresses.
HotSpot HTTP-level Walled Garden
• Walled garden allows some resources to bypass HotSpot authentication
• HTTP-level Walled Garden manages HTTP and HTTPS protocols
• HTTP-level Walled Garden works like Web-proxy filtering; you can use the same HTTP methods and the same regular expressions to make a URL string
HotSpot IP-level Walled Garden
• IP-level Walled Garden works on the IP level; use it like the IP firewall filter
Login Page Customization
• There are HTML template pages on the router FTP for each active HotSpot profile
• Those HTML pages contain variables which will be replaced with the actual information by the HotSpot before sending to the client
• It is possible to modify those pages, but you must directly download HTML pages from the FTP to modify them correctly
Login pages Hotspot
User Manager for HotSpot
• Centralized Authorization and Accounting
• Works as a RADIUS server
• Built in MikroTik RouterOS as a separate
Requirements for User Manager
• x86 based router with MikroTik RouterOS v2.9.x and v3.1
• Router with at least 32MB RAM
• Free 2MB of HDD space
• RouterOS Level 4 license for more than 10 active sessions (in RouterOS v2.9.x)
• User Authorization using PAP, CHAP
• Multiple subscriber support and permission
• Credits/Prepaid support for users
• Rate-limit attribute support
• User friendly web interface support
• Report generation by time/amount
• Detailed sessions and logs support
• Simple user adding and voucher printing
New Features
• User Authorization using MSCHAPv1, MSCHAPv2
• User status page
• User sign up system
• Support for decimal places in credits
• and PayPal payment gateway support
• Database backup feature
• License changes in RouterOS v3.0 for active users:
− Level3 – 10 active users
− Level4 – 20 active users
− Level5 – 50 active users
− Level6 – Unlimited active users
Supported Services
• Hotspot user authorization
• PPP/PPTP/PPPoE users authorization, encryption also supported
• DHCP MAC authorization
• Wireless MAC authorization
• RouterOS users authorization
User Manager Usage
• Hotels
• Airports
• Cafés
• Universities
• Companies
• ISPs
User Signup
• User can create a new account by filling out the form. An account activation email will be sent to the user's email address
Hotspot Billing using User Manager
Billing Configuration
Adding RADIUS
Create User
Generate User